At least that's what I figured until I started getting bounces like the one below. It seems Microsoft has decided that Security Focus mailing lists are too dangerous. To step up the oddity of this policy, bounces only occur when the originating MTA is with Yahoo. I can receive email directly from securityfocus.com. I can receive email from securityfocus.com when the originating mail server is a one-off IP address from Finland that is part of a DSL netblock. But Yahoo is a bridge too far. Stupid stupid stupid.
Return-Path: <> Received: (qmail 22048 invoked from network); 15 Jul 2015 15:26:46 -0000 Received: from sf01mail1.securityfocus.com (HELO mail.securityfocus.com) (192.168.120.35) by lists.securityfocus.com with SMTP; 15 Jul 2015 15:26:46 -0000 Received: (qmail 27445 invoked by alias); 15 Jul 2015 15:26:31 -0000 Received: (qmail 21710 invoked from network); 15 Jul 2015 15:26:06 -0000 Received: from sf01smtp2.securityfocus.com (192.168.120.34) by mail.securityfocus.com with SMTP; 15 Jul 2015 15:26:06 -0000 Received: by sf01smtp2.securityfocus.com (Postfix) id E771981455; Wed, 15 Jul 2015 10:31:59 -0700 (PDT) Date: Wed, 15 Jul 2015 10:31:59 -0700 (PDT) From: MAILER-DAEMON@securityfocus.com (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: bugtraq-return-55766-(redacted)=email@example.com Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="5D865812F6.1436981490/sf01smtp2.securityfocus.com" Content-Transfer-Encoding: 8bit Message-Id: <20150715173159 data-blogger-escaped-.e771981455="" data-blogger-escaped-sf01smtp2.securityfocus.com=""> This is a MIME-encapsulated message. --5D865812F6.1436981490/sf01smtp2.securityfocus.com Content-Description: Notification Content-Type: text/plain; charset=us-ascii This is the mail system at host sf01smtp2.securityfocus.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <(redacted)="" live.com="">: host mx4.hotmail.com[220.127.116.11] said: 550 5.7.0 (SNT004-MC2F10) Unfortunately, messages from (18.104.22.168) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions. (in reply to end of DATA command) --5D865812F6.1436981490/sf01smtp2.securityfocus.com Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; sf01smtp2.securityfocus.com X-Postfix-Queue-ID: 5D865812F6 X-Postfix-Sender: rfc822; (redacted)@securityfocus.com Arrival-Date: Wed, 15 Jul 2015 10:18:42 -0700 (PDT) Final-Recipient: rfc822; (redacted)@live.com Action: failed Status: 5.7.0 Remote-MTA: dns; mx4.hotmail.com Diagnostic-Code: smtp; 550 5.7.0 (SNT004-MC2F10) Unfortunately, messages from (22.214.171.124) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions. --5D865812F6.1436981490/sf01smtp2.securityfocus.com Content-Description: Undelivered Message Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Received: from lists.securityfocus.com (lists.securityfocus.com [192.168.120.36]) by sf01smtp2.securityfocus.com (Postfix) with QMQP id 5D865812F6; Wed, 15 Jul 2015 10:18:42 -0700 (PDT) Precedence: bulk (redacted) Delivered-To: mailing list (redacted)@securityfocus.com Delivered-To: moderator for (redacted)@securityfocus.com Received: (qmail 9417 invoked from network); 15 Jul 2015 10:14:32 -0000 Date: Wed, 15 Jul 2015 10:14:31 GMT Message-Id: <201507151014 data-blogger-escaped-.t6faevnw013232="" data-blogger-escaped-sf01web2.securityfocus.com=""> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.420 (Entity 5.420) From: (redacted)@yahoo.com To: (redacted)@securityfocus.com Subject: XSS vulnerability in OFBiz forms